W32/BackOrifice_2k.Trojan
| W32/BackOrifice_2k.Trojan |
Destructivity:  Spreading: Overall risk: 
|
| • Detected by virus detection files published: 8/21/2000 | • Type: Trojan |
| • Virus characteristics first published: 8/21/2000 | • Spreading mechanism: Email, Network, Other |
| • Virus characteristics latest update: 12/17/2003 | • Overall risk: Medium |
| • Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista |
| Virus type |
Spreading mechanism |
Destructivity and payload |
Additional descriptions |
Detection and removal |
||||||||||
|
BackOrifice 2000 is a backdoor program that can allow an unauthorized person to access a computer remotely without the end user's knowledge. BO2K is available for Window 95/98 and Window NT/2000. Unlike a virus BackOrifice is not self-replicating and must users must be tricked to installing the program. Backdoor programs like BO2K are typically sent as attachments to email with innocent looking file names. BO2K is a client/server application. The server must be installed at a computer to gain access to it with the client part. When the server is installed the client can connect to the server part via a network (e.g. the Internet) and perform a lot of different tasks:
All this may be done invisible for the end user and system administrator. There is a Configuration utility to configure the server part. This program can be used to configure the BackOrifice 2000 as a backdoor. The Configuration Wizard allows you to configure the following settings:
When the Configuration Wizard is finished the BO2K Server Configuration screen is displayed:  This give you additional options to configure how the server part should be run. Including client/server communication and options to prevent the server from being detected. |
||||||||||||||